AWS IAM user policy that is used by the "Access Key Alias"
search cancel

AWS IAM user policy that is used by the "Access Key Alias"

book

Article ID: 117256

calendar_today

Updated On: 10-18-2023

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction



When the IAM user who is set to the "access key alias" of the AWS has the "PowerUserAccess" policy only, the below understanding is correct? 
  1. On the AWS policy, if I set less restrict policy than the PowerUserAcesss, it is possible to do division of authority.
  2. On the AWS policy, if I set more restrict policy than the PowerUserAccess, when the user tries to AWS console from the Access screen, it will not reach the AWS console screen because of the access denied.

Environment

CA Privileged Access Manager (PAM) r3.x

Resolution

They are correct.